support caching for boring tls crt issuer

Closes #337
plabayo · Oct 17, 2024 · ae829c1 · ae829c1
1 parent d0b7af7
commit ae829c1
Show file tree

Hide file tree

Showing 6 changed files with 243 additions and 47 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -45,6 +45,7 @@ futures-lite = "2.3.0"
 futures-core = "0.3"
 h2 = "0.4"
 headers = "0.4"
+moka = "0.12.8"
 hex = "0.4"
 http = "1"
 http-body = "1"

diff --git a/rama-net/src/tls/server/config.rs b/rama-net/src/tls/server/config.rs
@@ -50,16 +50,28 @@ pub enum ServerAuth {
     /// Single data provided by the configurator
     Single(ServerAuthData),
     /// Issuer which provides certs on the fly
-    CertIssuer {
-        data: ServerCertIssuer,
-        // TODO: support options
-    },
+    CertIssuer(ServerCertIssuerData),
+}
+
+impl Default for ServerAuth {
+    fn default() -> Self {
+        ServerAuth::SelfSigned(SelfSignedData::default())
+    }
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct ServerCertIssuerData {
+    /// The kind of server cert issuer
+    pub kind: ServerCertIssuerKind,
+    /// The max amount of certs to cache,
+    /// a default value of 8096 is used if 0.
+    pub max_cache_size: u64,
 }
 
 #[derive(Debug, Clone)]
 /// A type of [`ServerAuth`] which can be used to generate
 /// server certs on the fly using the given issuer
-pub enum ServerCertIssuer {
+pub enum ServerCertIssuerKind {
     /// Request the tls implementation to generate self-signed single data
     SelfSigned(SelfSignedData),
     /// Single data provided by the configurator
@@ -68,6 +80,12 @@ pub enum ServerCertIssuer {
     // work with an external cert provider
 }
 
+impl Default for ServerCertIssuerKind {
+    fn default() -> Self {
+        ServerCertIssuerKind::SelfSigned(SelfSignedData::default())
+    }
+}
+
 #[derive(Debug, Clone, Default)]
 /// Data that can be used to configure the self-signed single data
 pub struct SelfSignedData {

diff --git a/rama-net/src/tls/server/mod.rs b/rama-net/src/tls/server/mod.rs
@@ -3,5 +3,6 @@
 mod config;
 #[doc(inline)]
 pub use config::{
-    ClientVerifyMode, SelfSignedData, ServerAuth, ServerAuthData, ServerCertIssuer, ServerConfig,
+    ClientVerifyMode, SelfSignedData, ServerAuth, ServerAuthData, ServerCertIssuerData,
+    ServerCertIssuerKind, ServerConfig,
 };
diff --git a/rama-tls/Cargo.toml b/rama-tls/Cargo.toml
@@ -16,11 +16,12 @@ workspace = true
 [features]
 default = []
 rustls = ["dep:rustls", "dep:rustls-native-certs", "dep:rustls-pemfile", "dep:rustls-pki-types", "dep:webpki-roots", "dep:rcgen", "dep:tokio-rustls", "rama-net/rustls"]
-boring = ["dep:boring", "dep:tokio-boring", "rama-net/boring"]
+boring = ["dep:boring", "dep:tokio-boring", "rama-net/boring", "dep:moka"]
 rustls-ring = ["rustls", "tokio-rustls/ring", "rustls/ring", "rama-net/rustls-ring"]
 
 [dependencies]
 boring = { workspace = true, optional = true }
+moka = { workspace = true, features = [ "sync" ], optional = true }
 parking_lot = { workspace = true }
 pin-project-lite = { workspace = true }
 rama-core = { version = "0.2.0-alpha.4", path = "../rama-core" }